Article delegate-en/4001 of [1-5169] on the server localhost:119
[Reference:<_A4000@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: ftp/tls +PASV +NAT
15 Jun 2008 09:14:29 GMT feedback@delegate.org (Yutaka Sato)
The DeleGate Project


On 06/12/08(04:56) you Darin Perusich <puahqbdyi-xtqvdm6snljr.ml@ml.delegate.org> wrote
in <_A4000@delegate-en.ML_>
 |I've read a few posts on the mail-list about ftp/ssl connection timeouts 
 |when trying to establish passive connections to an ftp/tls server behind 
 |a firewall, though I don't believe these address the issue I'm seeing.
 |
 |I'm setting up a delegate ftp/tls proxy to a remote site which I have 
 |no control over. When I connect to this remote server without going 
 |through delegate the ftp client goes into PASV mode, the remote server 
 |replies with its private IP address. The client, FileZilla, has been 
 |configured to use the external IP address. When I set up delegate to proxy 
 |the ftp/tls connection it tries to reply to the remote server's private IP 
 |address and the connection times out. Is there a way to configure 
 |delegate to reply to the external address?

First, if possible, you should set up your client to use EPSV instead of PASV.
Unlike PASV, the EPSV response does not include the address of the FTP server
but only shows the port number, like "229 Extended Passive Mode (|||12346|)"
instead of "227 Entering Passive Mode (11,22,33,44,482,64)." for PASV.
Thus the destination address of the data connection will be that of the
current control connection automatically, and you will not be bothered with it.

 |My delegate configuration:
 |
 |delegated STLS="fsv,-fcl" -P2121 SERVER=ftp MOUNT="/* 
 |ftp://internet.ip.addr.ess/*"
 |
 |I've tried setting FTPCONF="hideserv", and some SRCIF options but to no 
 |avail. I'm using delegate9.7.7.

You need to specify your external IP address (11.22.33.44) as this:

  SRCIF="11.22.33.44:*:tcpbound"

<URL:http://www.delegate.org/mail-lists/delegate-en/2767>
[CHANGES]
8.5.6 030628 inets.c: introduced SRCIF=tcpbound for FTP PASV (on SSL) behind NAT

Cheers,
Yutaka
--
  9 9   Yutaka Sato <y.sato@delegate.org> http://delegate.org/y.sato/
 ( ~ )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller
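
An added example, not part of the original message or of DeleGate's code: a Python sketch of how an FTP client can derive the data-connection endpoint from the 227 (PASV) and 229 (EPSV) replies discussed above, substituting the control connection's peer when PASV advertises a private address. The function name `data_endpoint`, the note strings and the 10.0.0.5 sample address are assumptions made for illustration.

```python
import ipaddress
import re

# 227 carries h1,h2,h3,h4,p1,p2; 229 carries only a port between delimiters.
PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
EPSV_RE = re.compile(r"^229 .*?\((.)\1\1(\d+)\1\)")


def data_endpoint(reply, control_peer):
    """Return (host, port, note) for the data connection a client should open.

    reply        -- one 227 (PASV) or 229 (EPSV) response line
    control_peer -- address the control connection is actually connected to
    """
    m = EPSV_RE.match(reply)
    if m:
        port = int(m.group(2))
        if not 0 < port < 65536:
            raise ValueError("EPSV port out of range")
        # EPSV carries no address: reuse the control connection's peer.
        return control_peer, port, "epsv"
    m = PASV_RE.match(reply)
    if not m:
        raise ValueError("not a 227/229 reply")
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        raise ValueError("PASV field out of range 0-255")
    host = ".".join(str(f) for f in fields[:4])
    port = fields[4] * 256 + fields[5]
    advertised = ipaddress.ip_address(host)
    peer = ipaddress.ip_address(control_peer)
    # A private address advertised by a server that was reached over a
    # public address means the server reported its inside (pre-NAT) address.
    if advertised.is_private and not peer.is_private:
        return control_peer, port, "pasv-unroutable-address-replaced"
    return host, port, "pasv"


if __name__ == "__main__":
    # Constructed sample replies; 11.22.33.44 is the external address used above.
    for line in ("229 Extended Passive Mode (|||12346|)",
                 "227 Entering Passive Mode (10,0,0,5,195,80)."):
        print(line, "->", data_endpoint(line, "11.22.33.44"))
```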
